CVE-2023-43752

2023-11-1606:46:38

jpcert

www.cve.org

command injection

wrc-x3000gs2

vulnerability

network-adjacent authenticated user

arbitrary os command

crafted request

EPSS

Percentile

9.6%

JSON

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GS2-W",
    "versions": [
      {
        "version": "v1.05 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GS2-B",
    "versions": [
      {
        "version": "v1.05 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GS2A-B",
    "versions": [
      {
        "version": "v1.05 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU94119876/

www.elecom.co.jp/news/security/20231114-01/

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2023-43752